11 Scalability Concepts Every Architect Should Understand


Securely Running Applications in the Cloud (and why it is inevitable)
Examples drawn from Windows Azure cloud platform
OWASP Boston
08-October-2011
Boston Azure User Group
http://www.bostonazure.org
@bostonazure
Bill Wilder
http://blog.codingoutloud.com
@codingoutloud
Bill Wilder has been a software professional for over 20 years. In 2009 he founded the Boston Azure User Group, an in-person cloud community which gets together monthly to learn about the Windows Azure platform through prepared talks and hands-on coding. Bill is a Windows Azure MVP, an active speaker, blogger (blog.codingoutloud.com), and tweeter (@codingoutloud) on technology matters and soft skills for technologists, a member of Boston West Toastmasters, and has a day job as a .NET-focused enterprise architect.
Proposition
Big-vendor public cloud offerings will emerge as the most secure platforms available – more secure than the vast majority of non-cloud datacenters
Overview
1. Leverage enjoyed by public cloud vendors
2. Quick definition of Cloud terms
3. Quick overview of Windows Azure Platform
4. As we go, ways the public cloud “got it right” from security point of view (with examples mostly drawn from Windows Azure)
Big Brains in high impact positions
Reality is Resource-Constrained
“Security is always a tradeoff; it must be balanced with the cost.”
- Bruce Schneier
http://www.schneier.com/essay-207.html
NIST – Cloud Platform Taxonomy
• Deployment Models
– Private Cloud
– Community Cloud
– Public Cloud
– Hybrid Cloud
• Infrastructure as a Service, Platform as a Service, Software as a Service
• Essential Characteristics
– Rapid Elasticity
– Broad network access
– Resource Pooling
– On-demand self-service
– Measured service
Some of the Players
PaaS
SaaS
AppHarbor
com
IaaS
“Bring Your Own” ____ as a Service
___________________ as a Service
• Apps, $/user, LDAP, Expertise, SLA
• System Software OpEx, Auto Scale Out, Geo LB, Failover, HA, OS Patching, Monitoring, Monitoring, Backup, Expertise, SLA
• Hardware OpEx, Networking, DB/OS Licenses, Virtualization, Automation, Geo Distribution, CDN, Geo Replication, Elasticity, Managed Facility, Expertise, SLA
Application Ownership Simplified with PaaS
Stuff We Might Rather Not Deal With
Stuff We Like
Data Center Management
High Availability
Computational Scalability
Hardware Provisioning
Network Load Balancing
Fault Tolerance
OS updates & Patches
Application Development
Staging / Production
Storage Scalability
OS Installation
Network Addressing
Hardware Repair
Slide stolen from Chris Bowen’s talk: Windows Azure: What? Why? And a Peek Under the Hood
Windows Azure Overview
PaaS in Azure also adds…
(Just examples…)
• Key Management for Compute
• (more) Homogenous Platform
– Ability to specify base OS + patch level
– “one throat”
– Alternative: Amazon lists 1000+ AMI images: http://aws.amazon.com/amis
Azure Data Storage…
• Access Controls
– Storage keys, with rollover
– Shared Access Signatures (Blobs)
– Container-level Access Policies (Blobs)
• Strong Consistency in Data Access
– Eventual Consistency challenges: Privacy settings, deletion of sensitive data
• No automatic, at-rest encryption
– Amazon offers this
Remember Me?
Public ↔ Hybrid ↔ Private
Public Cloud Platform, My Data Center
Public Cloud, Hybrid Cloud, Private Cloud
Windows Azure Overview
Windows Azure Platform Data Centers
Defense in Depth Approach
Layer: Defenses
• Data
– Strong storage keys for access control
– SSL support for data transfers between all parties
• Application
– Front-end .NET framework code running under partial trust
– Windows account with least privileges
• Host
– Hardened version of Windows Server 2008 OS
– Host boundaries enforced by external hypervisor
• Network
– Host firewall limiting traffic to VMs
– VLANs and packet filters in routers
• Physical
– World-class physical security
– ISO 27001 and SAS 70 Type II certifications for datacenter processes
Defenses Inherited by Windows Azure Platform Applications
• Spoofing, Tampering/Disclosure, Repudiation, Denial of Service, Elevation of Privilege
• VM switch hardening, VLANs, Top of Rack Switches, Custom packet filtering, Partial Trust Runtime, Certificate Services, Monitoring, Shared Access Signatures, HTTPS, Side-channel protections, Diagnostics Service, Configurable scale-out, Hypervisor custom sandboxing, Virtual Service Accounts
PaaS and cloud make strong security accessible to mere mortals
Less complex, more cost-effective, competitive pressure (“everyone’s doing it”)
Simplified Security
• Interesting matrix Appendix B: http://download.microsoft.com/download/7/3/E/73E4EE93-559F-4D0F-A6FC7FEC5F1542D1/SecurityBestPracticesWindowsAzureApps.docx